Meta's five-level post-quantum migration framework, April 2026
Meta's April 2026 framework defines five PQC migration levels and a six-phase programme, with ML-KEM-768 and ML-DSA-65 as the settled algorithm picks.
On 16 April 2026, Meta published the framework it uses to migrate its own infrastructure to post-quantum cryptography, on its engineering blog. Public, in-progress migration accounts from operators at that scale are rare. The substance is more useful than any vendor whitepaper published this quarter.
What are the five migration levels?
The framework defines five maturity levels: PQ-Unaware, PQ-Aware, PQ-Ready, PQ-Hardened, and PQ-Enabled. Most enterprise systems today sit at the first or second level.
The path from there to PQ-Enabled is not a vendor selection. Meta describes a six-phase programme that starts with cryptographic inventory and ends with PQC components integrated into production protocols. The timeline is stated in plain language: “years of phased work across protocols, products, and infrastructure.”
Two implications follow from Meta’s account. The binding artefact of the migration is the inventory, not the roadmap. And the algorithm choices are now stable, which removes the standing reason for waiting. The two sections below take each in turn.
Why is the inventory the binding artefact?
A migration plan written on top of an unknown inventory is fiction. Per the 2026 Entrust and Ponemon Institute Global State of Post-Quantum and Cryptographic Security study (n=4,000), only 43% of surveyed organisations report full visibility into the certificates inside their own enterprise. 41% name limited cryptographic visibility as the top barrier to readiness.
The roadmap is the artefact boards ask for. The inventory is the artefact the roadmap depends on. Organisations that want a first read on their own position before commissioning the full inventory can take DQ’s free PQC scan.
Are the algorithm choices still moving?
No. The recommendations are specific and the standards behind them are final.
| Function | Meta recommendation | Standard | Date |
|---|---|---|---|
| Key encapsulation | ML-KEM, with ML-KEM-768 at NIST Security Level 3 | NIST FIPS 203 | Finalised August 2024 |
| Digital signatures | ML-DSA, with ML-DSA-65 | NIST FIPS 204 | Finalised August 2024 |
| Backup KEM | HQC | NIST selection | March 2025 |
The “wait for the standards to settle” position no longer maps to anything real. The standards settled in August 2024, and the backup KEM was named in March 2025.
What is the board question this quarter?
Which migration level the organisation can defend at the next audit, and what evidence backs the answer. For most enterprises the honest answer today is PQ-Aware at best. Defending that answer with evidence is still a stronger position than presenting a roadmap the inventory cannot support.
The work that moves the level up is dull and specific: inventory, hybrid deployment, guardrails, and integration, years of it on Meta’s own account. Organisations that land at PQ-Enabled by the end of the decade will be the ones that started the inventory in 2026. Those that did not will still be defending PQ-Aware in 2030.
- Meta Engineering, Post-Quantum Cryptography Migration at Meta: Framework, Lessons, and Takeaways, 16 April 2026 (verified May 9, 2026)
- Entrust and Ponemon Institute, 2026 Global State of Post-Quantum and Cryptographic Security (n=4,000) (verified May 9, 2026)
- NIST FIPS 203 (ML-KEM) and FIPS 204 (ML-DSA), finalised August 2024 (verified May 9, 2026)
- NIST HQC backup KEM selection, March 2025 (verified May 9, 2026)